Overview

overview

7

Static

static

7

eacfd104bb...18.exe

windows7-x64

7

eacfd104bb...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19-09-2024 07:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eacfd104bb698e1d2376ed8d4cfc0eec_JaffaCakes118.exe

  • Size

    13KB

  • MD5

    eacfd104bb698e1d2376ed8d4cfc0eec

  • SHA1

    df09eb9bc2df4939154d278ef599fe3c8e04a635

  • SHA256

    f665be05e0e685d52f6a4adfdf40181573b29df7dd5e17148136ef50f1f6cf41

  • SHA512

    a5943b2005ea55f1240acba0e827ced466b3a2044b5e07ba86abc0c7effa7ebcb1cfa099b95bb87d2f6e3a11e6b18df7c3988ac5a2692cf2fcafd9aeab9d99b0

  • SSDEEP

    192:OS4gbgkAN4SJj+bfrJsUwv7E6qT9gQPw9Kr9ZCspE+TMwrRmK+vhOrAK2:OS4uI44aJ+7NqyQPw9jeM4m7t

Score
7/10
discoveryupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eacfd104bb698e1d2376ed8d4cfc0eec_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\eacfd104bb698e1d2376ed8d4cfc0eec_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2656
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://ads.eorezo.com/cgi-bin/advert/getads?did=43
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1860
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1860 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2936

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b6980241e968a78dfeec54bfa92000b4

    SHA1

    225fc35c3139d984b3b1820c01440f171afda477

    SHA256

    123a79e131d5be730b0a60b667ce9927f0635c50f4e4f4462e8d3cec5a9f431f

    SHA512

    36fbcff10b6f907a340f5d6596c9c01bf5fbd392fbd55d99d65a4df8958fae6f0853f2d0a5f0e601faf18ecc444ce080cabd29673604d344dbea787752976739

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8860678a8ccaf901ab534c5025b65abe

    SHA1

    fbc8562eb4c0f022428ef4231942c650881deb33

    SHA256

    9de6a081fa320d811893415c86eb1fe800c12eaa917977adbc1912311b1c1fd2

    SHA512

    db54c053a87b3e50d2c1d6794ba29e19c77835155552ea61c4aa2796ebc2a5b4ae95489af4a94fa407b6bd22ba4bfe54c33a00dda7c40800f272dd9e789e56b3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c8882c684e3f9e7b41bd7ca28105d8bc

    SHA1

    5b5b27353ae14748b4daa36afa1870ac67f37464

    SHA256

    8f232b3982133578c1d5612467c2dc1ace3409405de10844ae8628230aee988b

    SHA512

    9104b738b1158e68bc8feb690de0a6d1105664dfe601f9e8c33c1523f71f759bc437f2d75c1a06f932da34dc63401687492d55740b20f3670849687bc10485f1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    99d16610003b9dfb08a83c62e2e9c4df

    SHA1

    546e745c6d7e5777043f36dea4e1166c2fd6632d

    SHA256

    d75921463a55e2eca97f10e50a271baf5da39a4b51f413cd03f6ae9da6eb15ff

    SHA512

    8a691f8a19819670564632b78972a03b809dd60d05abd4cdd3b5ca1c2b690fcd67450aa4978302d5d999368dad2698298763f9cf6188759408a33536acb43778

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d95472aebb2725ac4dfe67ec5d98bdd7

    SHA1

    80aea610767aa34e21fd950793cf6ad40d294328

    SHA256

    105a0be22199cb5ba07e577205e77e80e6520c4b08db9bc9b0ec469d2cc2bbe8

    SHA512

    e8a6430f491c8db29318b83a0298e5fdd899c570ffc0db4b9cb0ecd36952c1a0baed37098e15dc2d5b3efaa7be5ad7d84f8c9eade689a8c4d43e3b1f91a9b0a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    90786cc8ccebcb8851b8f516dfdd6447

    SHA1

    efc044034b1c5f698520406e071794e2ff273040

    SHA256

    8fd639c5fae5a73c53651857380745aec65f088f5e5eced7ead04b75330aec3c

    SHA512

    7fa7b00de9144e655a5e13efe6cc1aba29653bc5a3219c1987ea228410500e01c36c42b3c66d334cc0b031acfbebf7e4cf5da95bc0053fbb0d0da17077ddeac2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0c20c77c7a0a68c1add7c2e31877a34a

    SHA1

    691df4f15fcb9b5fd9e69cdabbbb52e7d48f4b61

    SHA256

    4a36f39bde70d45a5ad1e0177f5cd6b3dbe87ce57cc35effe084337d3c2ba79e

    SHA512

    8eee35b4eafbe4bd9570e442e1d7123f9ee861037851f21786cffb08d7b310ac28eed52a5f6e24e27b7f2ee17de73d7b9737489bf6b52a2d232be6f965135642

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3318eb5039816095c18b1c9a0c2d1809

    SHA1

    0befba4ea3205ea3c41ca1bbd2efd5c7ea9a7a51

    SHA256

    3e5980d2e484e03ef2d1dc0637a3266b0e48ae8792980128668a621826187ec5

    SHA512

    c162acbb1723a51329816d860deedfe0cd447d5dc5650096b5270d74aff946677fa198b560b77385352c7ded0047e58b2b0e581b434002b23c9f520f901c8d25

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    894e0d60a44dcdb278092bd574bb25eb

    SHA1

    894549b19cd880c927ce9925f2c746d342f92127

    SHA256

    bf28fcc87d7624644c076f2f4b8245387486187541ece13d878d29e11711c566

    SHA512

    26b8555d7b980b00ddf73066424e3edbffd31f84dc8bede381c99ba2245a94b06c4bc1cbaae997ed264fa7d3dd21404212ff55faabab9a2156a52b3cdc565b55

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1ea8f0528e652b7385e9366823314880

    SHA1

    59151011fd74602777ca99223ab9b0a248de40e2

    SHA256

    149eedc4d0fa5c348fbe2a546cdb71ea782c782cced23b7e135eec96a27ea244

    SHA512

    09554fd69a44d37cf02b87e744585b59d8b302799008797659f3bd268dff7304011fac1944b1a78bfe8b9697da00ae09a4534ee238fa00ca27e9c4bc1ddf1d51

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72e45606d5f2beb3a8d9eb5361400b53

    SHA1

    f225dc8cc56b41329c748f6339fa2f0a5b850864

    SHA256

    1822f93dfd525583cf018c2bb03f9618d9751a34cc22cafdabdfff851fa25866

    SHA512

    3ee39f1df1d301d8fddda8b7a22aa7f962a953530ac23ae3ea9a41d91b7592a9b162b80950c7099c4536a83e22039a48d6ea2917a22cc806c5bea5f0d48b7b19

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    206ebb8e0b0b5c823dc86df98a9a661b

    SHA1

    4dff55b40b0878105b6d6a389480ae46fb3c40ab

    SHA256

    468b658e9dc86f051519fc2fe2c57d50d5309069e87fca418c0a0af67213c58a

    SHA512

    dadc0a48aa0ab3bf1beba6f92c62f451fd985dbe6aebbc3b3a7b061d1e7dc9ace40275faccba0799fbce69abc97b95b7e5bf595fd0ee77dd2579560e064a942a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ef9f23036c6949758244fa8e93438bfc

    SHA1

    6bf9709eccfcdf386e5b20884049d3ca247c933c

    SHA256

    a74ed26e363dcac3df5158652d7e2d47b3140201267a1344fee883a4284b1dc5

    SHA512

    a6f5a27ff8eaf1578e2647720bd6a6749194c61bb50e763a528ce3094b2aa2e7b7569db511688d502602227d6d6ffdac17562057f8f4a65d900a8d0ecde01887

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    307738915c77b0e3999b016f2f7775aa

    SHA1

    6f50b258db3586655447255b9eb86cb8235189bf

    SHA256

    45ae02f8b2ee83c4520d62d3b1c40dc53c58248ce7222fd6d1cddeff7d7c1537

    SHA512

    7e1bbea10c6f8b072529c49ca8c48b04e0e078a3783a20d749f9efeedce483212389b6df9ea47052c452c76011fb3bbc67570787f680cff3f2121b24d17e43a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    747da461887367c0ac640f579dac3892

    SHA1

    4b09087aef5635016c7c563948ef117402ea321d

    SHA256

    4c37f7beea9fcc270a7ecea66b9b7628d5acf0fa9a15174f9e4c4c73307602ac

    SHA512

    1b2e8a46acf74d2fb1a711819cd335b08eeae545fef4fe86522bc4f707d14aaac1930e0413794af7627aa03ceb53eaafd1dcefafc5fcac54bd2bf822fe4a89a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a9672c4e6e5e3b8519e2911b22825610

    SHA1

    fa3c4950a1cab3fff550e181ce3fbc47a088e664

    SHA256

    09134c730384fedbaa63847a55c2af32236bb0ee11e5b64b297559f59417f862

    SHA512

    8332177ad4802a8edbcd4f4b2484a6013124258f041c4bac41f02ab818f3a3ac4ffdf786f47e9510ba3e8831cf88551810981c36299cff2dcefcda98c1d3ef63

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    07e693ce33dbb336bc3e68b43f0aa8a4

    SHA1

    cb1ea1cdadeb223d64c14dcc0ae0ac209043a8df

    SHA256

    87893e4e240288f7149794eb424c2cc037bb5b0db351ae5759c1d46e24e0ed1a

    SHA512

    52fe7297b50c2ffad33ddbb234a7f58bc8fc2c3cc9b0ba84f2acd9279c8f7b245dd001492d05015f5aaffa6df3d4fa4149853d7da6f246410811b8fe1480755c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4f36ec93e7e03bf9f8f6a76aaf8800f1

    SHA1

    b5fa115ebcf139dc9304507266bcbd6917fbaa24

    SHA256

    766bfbb1bccba67636b71845e302b806a6b1d2e005224f2f7201d76e335265ed

    SHA512

    e22ce9c81c587f068b0a3550c849e680df4f85a1a911896caf8d0fbd6670f47ea6a98bf566e413eb98f29f75f31a1d0d3317b1e72be61a81bb98aa603a79e3e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fec65dcb2fc5bae29f7c6026a26c1067

    SHA1

    99016a4139d3c0a45be19528b2a015bf4c955546

    SHA256

    96917475ac73a4911c2851b4be660a33bb0d202a97aa0ef8107b6ae9582b88bf

    SHA512

    6f4d3ba3c0d895c8cd6315c28fc88ef058261e6da1592863c6bd998c9024c61f5fddbe796239cbb9a23212976c49d7334bf88bafcb8547f5cbb13e33b976b6b6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab30A4.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3115.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2656-2-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2656-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download